Clarify the docs on DropCapability

It was a bit unclear what setting it to empty means.

Also, add to the tests verification that this works.

Signed-off-by: Alexander Larsson <alexl@redhat.com>

docs/source/markdown/podman-systemd.unit.5.md

@@ -126,8 +126,8 @@ setuid and file capabilities.
 
 #### `DropCapability=` (defaults to `all`)
 
-Drop these capabilities from the default container capability set. The default is `all`, allowing
+Drop these capabilities from the default podman capability set, or `all` for all capabilities. The default if no
-addition of capabilities with `AddCapability`. Set this to empty to drop no capabilities.
+`DropCapability` is set is `all`. Set this to empty (i.e. `DropCapability=`) to use the default podman capability set.
 
 This is a space separated list of capabilities. This key can be listed multiple times.
 

test/e2e/quadlet/capabilities.container

@@ -1,9 +1,11 @@
-## assert-podman-args "--cap-drop=all"
+## !assert-podman-args "--cap-drop=all"
 ## assert-podman-args "--cap-add=cap_dac_override"
 ## assert-podman-args "--cap-add=cap_audit_write"
 ## assert-podman-args "--cap-add=cap_ipc_owner"
 
 [Container]
 Image=imagename
+# Verify that we can reset to the default cap set
+DropCapability=
 AddCapability=CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
 AddCapability=CAP_IPC_OWNER